
I’m developing an app with Flutter that allows the user to edit their login credentials, but the documentation on FirebaseAuth on what happens is very limited, and as I discovered it differs between phone and email.

What I am curious about (and couldn’t find) is how I can remove an email from an account that has both email and phone – so that I can only log in with my phone.

2 Answers


  1. Chosen as BEST ANSWER

    So I did some experiments and I'm sharing the results hoping to help someone (because if I had this info it would've saved me a lot of time and frustration).

    Especially editing an email behaves in rather unexpected ways.

    I experimented with 3 scenarios: phone login, Google login and passwordless login. A FirebaseAuth User object has two relevant fields for access rights: the providerData and userInfo.

    1. Phone login

    providerData:

    [{
    email: null
    isEmailVerified: true
    phoneNumber: "+1 123-456-7890"
    providerId: "phone"
    uid: "+1 123-456-7890"
    ...
    }]
    

    userInfo:

    email: null
    isEmailVerified: false
    phoneNumber: "+1 123-456-7890"
    providerId: null
    uid: "uid1"
    ...
    

    1.1 Unlink phone

    For the User object user calling user.unlink("phone")
    → Wipes providerData and modifies userInfo - removing phoneNumber
    → Can no longer log in with +1 123-456-7890

    1.2 Edit phone

    For the User object user calling user.linkWithCredential(credential)
    → Replaces providerData with the new phone and modifies userInfo to the new phoneNumber
    → Can no longer log in with +1 123-456-7890 and can log in with the new one

    2. Email login

    providerData:

    [{
    email: "[email protected]"
    isEmailVerified: true
    phoneNumber: null
    providerId: "google.com"
    uid: "71593587134053905"
    ...
    }]
    

    userInfo:

    email: "[email protected]"
    isEmailVerified: true
    phoneNumber: null
    providerId: null
    uid: "uidmail1"
    ...
    

    2.1 Unlink email

    For the User object user calling user.unlink("google.com")
    → Wipes providerData without modifying userInfo. So I can still log in with the email

    2.2 Edit email

    Sending a verification email and applying the action code.
    → When the verification email is sent, nothing is changed about the FirebaseAuth User
    → After changing to [email protected]:

    2.2.1 I can still log in with the old email

    → I can still log in with [email protected]
    → If I haven't logged in with [email protected] yet, then providerData only contains [email protected] even though userInfo contains [email protected]
    → Only if I log in with [email protected] does it get added to providerData and then it contains two items:

    [{
    email: "[email protected]"
    isEmailVerified: true
    phoneNumber: null
    providerId: "google.com"
    uid: "71593587134053905"
    },{
    email: "[email protected]"
    isEmailVerified: true
    phoneNumber: null
    providerId: "google.com"
    uid: "90839670913908504"
    ...
    }]
    

    2.2.2 I can assign the old email to another account

    → So, if another account with phone only links to email "[email protected]", then FirebaseAuth has two users connected with the email. However, when logging in with "[email protected]" I still get logged in as the old account (which now has userInfo email "[email protected]")

    2.2.3 Unlink again

    → Wipes the providerData and the userInfo stays the same as before
    → Now "[email protected]" is no longer associated in any way with the old account and logging in opens the new account

    3. Passwordless login

    Unlink wipes the providerData, userInfo stays the same as before, so I can log in with the email again


  2. The documentation on FirebaseAuth on what happens is very limited, and as I discovered it differs between phone and email.

    Yes, that is correct. Firebase authentication with email and password is different than the Firebase authentication with phone number. So if a user signs in with email and password and right after that with the phone number, then two separate accounts will be created, one with email and password and one with the phone number.

    What I am curious about (and couldn’t find) is how I can remove an email from an account that has both email and phone – so that I can only log in with a phone number.

    As far as I understand, you already linked the account with email and password and the one with phone number into a single account. If so, if you want to unlink an account then you have to call the FirebaseUser#unlink() method and specify the provider.
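
An added example, not part of either answer or of Firebase's own tooling: the first answer's findings (an email left in userInfo after unlink, an old address still in providerData after an email change, one address attached to two accounts) turned into an audit check over user records. The record shape mirrors that answer's dumps; the addresses, uids, the second phone number and the finding names are constructed.

```python
from collections import defaultdict

# Constructed records shaped like the first answer's dumps; all values made up.
USERS = [
    # 2.1 / 3: provider unlinked, but the email stays in userInfo
    {"uid": "uidA", "userInfo": {"email": "old@example.com"}, "providerData": []},
    # 2.2.1: email changed, old Google identity still linked
    {"uid": "uidB", "userInfo": {"email": "new@example.com"},
     "providerData": [{"providerId": "google.com", "email": "kept@example.com"},
                      {"providerId": "google.com", "email": "new@example.com"}]},
    # 2.2.2: phone account that later linked uidB's former address
    {"uid": "uidC", "userInfo": {"email": "kept@example.com"},
     "providerData": [{"providerId": "phone", "phoneNumber": "+1 123-456-7890"},
                      {"providerId": "google.com", "email": "kept@example.com"}]},
    # Phone-only account with nothing to report
    {"uid": "uidD", "userInfo": {"email": None},
     "providerData": [{"providerId": "phone", "phoneNumber": "+1 555-000-0000"}]},
]


def _norm(email):
    # Assumption: addresses are compared case-insensitively.
    return email.strip().lower() if email else None


def audit_identifiers(users):
    """Return (uid, finding, email) tuples for email identifiers that can
    outlive an unlink or an email change."""
    findings, owners = [], defaultdict(set)
    for user in users:
        uid = user["uid"]
        top = _norm(user["userInfo"].get("email"))
        linked = {_norm(p.get("email")) for p in user["providerData"]} - {None}
        for email in linked | ({top} if top else set()):
            owners[email].add(uid)
        if top and top not in linked:
            findings.append((uid, "email_without_provider", top))
        for email in sorted(linked - {top}):
            findings.append((uid, "provider_email_not_primary", email))
    for email, uids in sorted(owners.items()):
        if len(uids) > 1:
            findings.append((",".join(sorted(uids)), "email_on_multiple_accounts", email))
    return findings


if __name__ == "__main__":
    for finding in audit_identifiers(USERS):
        print(finding)
```

Run after any unlink or email-change flow: an account meant to be phone-only should produce no findings.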
